Skip to main content

SecOPTIC

Introduction

This manual describes how to manage the SecOPTIC Module (SOM) on the KOBIL Smart Security Management Server (SSMS). Please find a detailed description of all the settings in the administrator manual for the kernel module. The SecOPTIC module helps you managing the SecOPTIC tokens.

General information

This manual is aimed at the operators who install, configure and use the KOBIL Smart Security Management Server. The document is also intended for the responsible administrators of the management system.

This manual only describes specifically how to use the SecOPTIC Module (SOM). It does not describe the other modules of the SSMS. For information about the other modules and manuals for the administration of the SSMS, contact the support.

Version dependent validity of the manual

As you can add the various modules to the KOBIL SSMS independently from each other, different versions of the single modules exist. To ensure compatibility of the versions, note the overview about the versions compatibility in the installation manual of the KOBIL SSMS.

SecOPTIC Module

The SecOPTIC module manages SecOPTIC tokens and allows the verification of one-time passwords (OTP) generated via the SecOPTIC tokens.

This module can be used only after it has been installed. Find details about the installation of the modules in the installation manual of the KOBIL SSMS.

To manage the SecOPTIC devices, specific functions are provided via the GUI and the SOAP interface. The SOAP interface can be used with the command line tools delivered with the module. The SOAP interface can be used to integrate the server into the existing IT infrastructure. The following are command line tools which communicate with one of the installed management nodes on the server.

SecOPTIC Token Import

Import device information into the server, in particular the secret information assigned to the devices via this function. The import file is usually generated from the producer of the devices during their production. However, the file can also be produced via an export from the SSMS server. The import file is always encrypted for a single server and can be only imported into this server.
Imported devices always have the status “locked” when they are first imported.

SecOPTIC Token Export

Export the SecOPTIC tokens securely from a server via this function. The data are encrypted for the exporting server installation.

SecOPTIC Token Management

The Token Management offers the following functions:

  • Assign SecOPTIC tokens to users or remove the assignment
  • Lock or unlock SecOPTIC tokens (status locked or unlocked)
  • Remove SecOPTIC tokens from the server
  • Retrieve the list of the tokens registered on the server
  • Create, retrieve or remove a user

The SOAP functions provided by the services node verify the one-time passwords (OTP). They can be integrated into a web portal, for example, to allow a log-in via OTP. Beyond that, a SecOPTIC token can also be registered by the user himself in self-service (assignment of a SecOPTIC token to a user). During this process, a SecOPTIC device whose user is not known yet is given to a customer and can be assigned to the user via an activation process.
You can manage the single KOBIL devices also via the SecOPTIC view of the management graphical interface. The following are the submenus of the SecOPTIC view.

  • SecOPTIC Token
  • Users
  • Reporting
  • Advanced-Settings

Role management in the SecOPTIC module

A role must be assigned to each operator of the system. The division into different roles defines the authorizations of every single operator.

Please find information on how to create roles and assign them permissions in the manual for the Kernel module.

Please find the roles and authorizations to use the Management SOAP interface in the description of the single methods in chapter 1.6. The services SOAP interface is secured via SSL server authentication and does not require any other authentication of a user.